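def secure_ssh_port(self):
    """Change the port sshd listens on and allow it in UFW when UFW is enabled.

    The port comes from ``self.app.pargs.user_input`` or, when that is empty,
    from an interactive prompt (an empty answer selects 22).  Only a decimal
    number from 1 to 65535 is accepted: the value is interpolated into the
    ``sed`` and ``ufw`` command strings handed to ``WOShellExec.cmd_exec``,
    so nothing except ASCII digits may reach them.  ``/etc/ssh`` is committed
    through WOGit before and after the edit and the ``ssh`` service is
    restarted last.  The validated port is stored back in
    ``pargs.user_input`` as a string.
    """

    def _valid_port(candidate):
        # ASCII digits only: str.isdigit() also accepts characters (for
        # example superscript digits) that int() rejects, and a str/int
        # comparison raises TypeError, so the range test runs on int(text).
        text = str(candidate)
        return (0 < len(text) <= 5
                and all(ch in "0123456789" for ch in text)
                and 0 < int(text) < 65536)

    # Snapshot the current /etc/ssh state before touching it.
    WOGit.add(self, ["/etc/ssh"],
              msg="Adding changed SSH port into Git")
    pargs = self.app.pargs

    if pargs.user_input:
        # Port supplied by the caller: re-prompt until it is valid.
        port = str(pargs.user_input).strip()
        while not _valid_port(port):
            Log.info(self, "Please enter a valid port number ")
            port = input("Server "
                         "SSH port [22]:").strip() or "22"
    else:
        # No port supplied: ask for one, an empty answer means the default.
        port = input("Server SSH port [22]:").strip() or "22"
        while not _valid_port(port):
            Log.info(self, "Please Enter valid port number :")
            port = input("Server SSH port [22]:").strip() or "22"
    # Normalise ("0022" -> "22") so the same text goes to sed, ufw and the log.
    pargs.user_input = str(int(port))

    # NOTE(review): neither sed expression is anchored, so the second one
    # also rewrites any other line containing "Port" (e.g. GatewayPorts).
    # Confirm against the sshd_config shipped on target hosts.
    if WOFileUtils.grepcheck(self, '/etc/ssh/sshd_config', '#Port'):
        WOShellExec.cmd_exec(self, "sed -i \"s/#Port.*/Port "
                             "{port}/\" /etc/ssh/sshd_config"
                             .format(port=pargs.user_input))
    else:
        WOShellExec.cmd_exec(self, "sed -i \"s/Port.*/Port "
                             "{port}/\" /etc/ssh/sshd_config"
                             .format(port=pargs.user_input))

    # Allow the new port in UFW before sshd is restarted, otherwise an
    # enabled firewall would block the next login.
    if os.path.isfile('/etc/ufw/ufw.conf'):
        if WOFileUtils.grepcheck(
                self, '/etc/ufw/ufw.conf', 'ENABLED=yes'):
            try:
                WOShellExec.cmd_exec(
                    self, 'ufw limit {0}'.format(pargs.user_input))
                WOShellExec.cmd_exec(
                    self, 'ufw reload')
            except Exception as e:
                Log.debug(self, "{0}".format(e))
                # NOTE(review): if Log.error does not abort, sshd is still
                # restarted on a port the firewall does not allow - confirm.
                Log.error(self, "Unable to add UFW rule")

    # Record the modified configuration.
    WOGit.add(self, ["/etc/ssh"],
              msg="Adding changed SSH port into Git")

    # Report success only when the restart actually succeeded.
    if not WOService.restart_service(self, 'ssh'):
        Log.error(self, "service SSH restart failed.")
    else:
        Log.info(self, "Successfully changed SSH port to {port}"
                 .format(port=pargs.user_input))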
def migrate_mariadb(self, ci=False):
    """Dump all databases, switch the MariaDB apt repository and reinstall.

    Steps, in order: full backup, removal of the legacy 10.3 repository line
    when it is present in wo-repo.list, repository preparation through
    ``pre_pref``, apt update, removal and reinstall of the MariaDB packages,
    replacement of ``/etc/mysql/my.cnf`` by a symlink, systemd reload/enable
    and ``post_pref``.

    Args:
        ci: when true the ``dist_upgrade`` step is skipped.
    """
    apt_progress = "Updating apt-cache "
    upgrade_progress = "Upgrading MariaDB "

    # NOTE(review): the result of the backup is not inspected here; confirm
    # that backupAll aborts on failure, because mariadb-server is removed
    # further down.
    WOMysql.backupAll(self, fulldump=True)

    # Legacy repository entry (plain-http mirror).  It is only matched and
    # removed in this function, never added.
    legacy_repo_line = (
        "deb [arch=amd64,ppc64el] "
        "http://mariadb.mirrors.ovh.net/MariaDB/repo/"
        "10.3/{distro} {codename} main"
    ).format(distro=WOVar.wo_distro,
             codename=WOVar.wo_platform_codename)
    legacy_repo_present = WOFileUtils.grepcheck(
        self, '/etc/apt/sources.list.d/wo-repo.list', legacy_repo_line)
    if legacy_repo_present:
        WORepo.remove(self, repo_url=legacy_repo_line)

    # Prepare the repository for the packages listed in WOVar.wo_mysql.
    pre_pref(self, WOVar.wo_mysql)

    Log.wait(self, apt_progress)
    WOAptGet.update(self)
    Log.valide(self, apt_progress)

    # Swap the packages: remove the old server, install the new set.
    Log.wait(self, upgrade_progress)
    WOAptGet.remove(self, ["mariadb-server"])
    WOAptGet.auto_remove(self)
    WOAptGet.install(self, WOVar.wo_mysql)
    if not ci:
        WOAptGet.dist_upgrade(self)
    WOAptGet.auto_remove(self)
    Log.valide(self, upgrade_progress)

    # Keep the previous my.cnf aside and point my.cnf at mariadb.cnf.
    WOFileUtils.mvfile(self, '/etc/mysql/my.cnf',
                       '/etc/mysql/my.cnf.old')
    WOFileUtils.create_symlink(
        self, ['/etc/mysql/mariadb.cnf', '/etc/mysql/my.cnf'])

    for systemd_cmd in ('systemctl daemon-reload',
                        'systemctl enable mariadb'):
        WOShellExec.cmd_exec(self, systemd_cmd)

    post_pref(self, WOVar.wo_mysql, [])
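def hashbucket(self):
    """Raise nginx's server_names_hash_bucket_size when ``nginx -t`` asks for it.

    Returns:
        True when the stderr of ``nginx -t`` does not mention
        ``server_names_hash_bucket_size`` (nothing to do); None after a new
        value has been written.

    The new value is 2 ** trunc(log2(total length of the entry names in
    /etc/nginx/sites-enabled/) + 2).  It replaces an existing directive in
    /etc/nginx/nginx.conf, or is written to
    /etc/nginx/conf.d/hashbucket.conf when nginx.conf has no active
    directive to replace.
    """
    # Fixed command string: no caller-supplied data reaches the shell.
    sub = subprocess.Popen('nginx -t', stdout=subprocess.PIPE,
                           stderr=subprocess.PIPE, shell=True)
    _, error_output = sub.communicate()
    if 'server_names_hash_bucket_size' not in str(error_output):
        return True

    # Sum of the lengths of every entry name in sites-enabled.
    count = sum(len(site)
                for site in os.listdir("/etc/nginx/sites-enabled/"))

    # NOTE(review): math.log raises ValueError when sites-enabled is empty
    # (count == 0); left as is because no sensible size exists in that case.
    ngx_calc = math.trunc(math.log(count, 2) + 2)
    ngx_hash = 2 ** ngx_calc
    directive = "\tserver_names_hash_bucket_size {0};".format(ngx_hash)

    nginx_conf = "/etc/nginx/nginx.conf"
    # Both checks read nginx.conf, the same file that is rewritten below.
    keeps_default_comment = WOFileUtils.grepcheck(
        self, nginx_conf, "# server_names_hash_bucket_size 64;")
    if (not keeps_default_comment and
            WOFileUtils.grepcheck(self, nginx_conf,
                                  "server_names_hash_bucket_size")):
        # Rewrite the existing directive in place; with inplace=True the
        # output of print() replaces the file content line by line.
        with fileinput.FileInput(nginx_conf, inplace=True) as conf_lines:
            for line in conf_lines:
                if "server_names_hash_bucket_size" in line:
                    print(directive)
                else:
                    print(line, end='')
    else:
        # No active directive in nginx.conf: set it from a conf.d snippet.
        with open("/etc/nginx/conf.d/hashbucket.conf",
                  encoding='utf-8', mode='w') as ngxconf:
            ngxconf.write(directive)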
def removeconf(self, domain):
    """Remove the acme.sh certificate and the nginx SSL files of *domain*.

    When ``WOAcme.cert_check`` reports a certificate, acme.sh is asked to
    remove it and every existing path derived from *domain* (ssl.conf,
    force-ssl conf, their ``.disabled`` variants, the archive/live entries
    and the letsencrypt shared conf) is deleted.  Otherwise only a symlinked
    ssl.conf and the force-ssl conf are removed.  In both cases the backend
    on port 22222 gets its own certificate back when its ssl.conf mentions
    *domain*.

    NOTE(review): *domain* is interpolated unquoted into the acme.sh command
    string and into paths handed to WOFileUtils.rm; this relies on callers
    passing an already validated host name - confirm at the call sites.
    """
    wo_domain = domain
    ssl_conf_path = "/var/www/{0}/conf/nginx/ssl.conf".format(domain)
    force_ssl_path = "/etc/nginx/conf.d/force-ssl-{0}.conf".format(domain)
    backend_ssl_conf = "/var/www/22222/conf/nginx/ssl.conf"

    # Everything that may have been created for this domain, in the order
    # it is removed.
    cleanup_targets = [
        force_ssl_path,
        ssl_conf_path,
        '{0}/{1}_ecc'.format(WOVar.wo_ssl_archive, domain),
        ssl_conf_path + '.disabled',
        force_ssl_path + '.disabled',
        '{0}/{1}'.format(WOVar.wo_ssl_live, domain),
        '/etc/letsencrypt/shared/{0}.conf'.format(domain),
    ]

    # Make sure acme.sh is installed before querying it.
    WOAcme.check_acme(self)

    if not WOAcme.cert_check(self, wo_domain):
        # No certificate known to acme.sh: only drop the nginx leftovers.
        if os.path.islink(ssl_conf_path):
            WOFileUtils.remove_symlink(self, ssl_conf_path)
            WOFileUtils.rm(self, force_ssl_path)
    else:
        Log.info(self, "Removing Acme configuration")
        Log.debug(self, "Removing Acme configuration")
        remove_cmd = "{0} --remove -d {1} --ecc".format(
            WOAcme.wo_acme_exec, domain)
        try:
            WOShellExec.cmd_exec(self, remove_cmd)
        except CommandExecutionError as exc:
            Log.debug(self, "{0}".format(exc))
            Log.error(self, "Cert removal failed")

        # Delete whichever of the derived files and directories exist.
        for target in cleanup_targets:
            if os.path.exists(target):
                WOFileUtils.rm(self, target)

        # Removing the targets can leave dangling links under /var/www.
        WOFileUtils.findBrokenSymlink(self, "/var/www")

    # The backend must not keep pointing at a certificate that is gone.
    if WOFileUtils.grepcheck(self, backend_ssl_conf, '{0}'.format(domain)):
        Log.info(
            self, "Setting back default certificate for WordOps backend")
        default_cert_lines = ("ssl_certificate "
                              "/var/www/22222/cert/22222.crt;\n"
                              "ssl_certificate_key "
                              "/var/www/22222/cert/22222.key;\n")
        with open(backend_ssl_conf, "w") as ssl_conf_file:
            ssl_conf_file.write(default_cert_lines)
def status(self):
    """Report which of the selected stack services are installed and running.

    When none of the nginx/php*/mysql/netdata/proftpd/redis/fail2ban flags
    is set, a default selection (nginx, php, mysql, fail2ban, netdata, ufw)
    is used; ``pargs.ufw`` is not part of that test.  A service counts as
    installed when its systemd unit (or init script / binary) exists.
    Installed services are then queried through
    ``WOService.get_service_status`` and only those reported as up are
    logged as "Running".  A PHP version selected both through ``pargs.php``
    and through its own flag is listed twice.
    """
    pargs = self.app.pargs
    wo_system = "/lib/systemd/system/"
    php_versions = (('php72', '7.2'), ('php73', '7.3'), ('php74', '7.4'),
                    ('php80', '8.0'), ('php81', '8.1'))
    services = []

    def register(marker, service, missing_msg):
        # Queue the service when its marker file exists, else say so.
        if os.path.exists(marker):
            services.append(service)
        else:
            Log.info(self, missing_msg)

    def register_php(version):
        unit = 'php{0}-fpm'.format(version)
        register(wo_system + unit + '.service', unit,
                 "PHP{0}-FPM is not installed".format(version))

    nothing_selected = not (pargs.nginx or pargs.php or pargs.php72 or
                            pargs.php73 or pargs.php74 or pargs.php80 or
                            pargs.php81 or pargs.mysql or pargs.netdata or
                            pargs.proftpd or pargs.redis or pargs.fail2ban)
    if nothing_selected:
        pargs.nginx = True
        pargs.php = True
        pargs.mysql = True
        pargs.fail2ban = True
        pargs.netdata = True
        pargs.ufw = True

    if pargs.nginx:
        register(wo_system + 'nginx.service', 'nginx',
                 "Nginx is not installed")

    # pargs.php covers every known PHP-FPM version ...
    if pargs.php:
        for _, version in php_versions:
            register_php(version)

    # ... while the per-version flags select a single one each.
    for flag, version in php_versions:
        if getattr(pargs, flag):
            register_php(version)

    if pargs.mysql:
        # The unit can only be inspected when the database is local.
        if WOVar.wo_mysql_host in ("localhost", "127.0.0.1"):
            register('/lib/systemd/system/mariadb.service', 'mariadb',
                     "MySQL is not installed")
        else:
            Log.warn(
                self, "Remote MySQL found, "
                "Unable to check MySQL service status")

    if pargs.redis:
        register(wo_system + 'redis-server.service', 'redis-server',
                 "Redis server is not installed")

    if pargs.fail2ban:
        register(wo_system + 'fail2ban.service', 'fail2ban',
                 "fail2ban is not installed")

    # proftpd is detected through its init script
    if pargs.proftpd:
        register('/etc/init.d/proftpd', 'proftpd',
                 "ProFTPd is not installed")

    if pargs.netdata:
        register(wo_system + 'netdata.service', 'netdata',
                 "Netdata is not installed")

    # UFW is reported from its configuration file, not as a service.
    if pargs.ufw:
        if not os.path.exists('/usr/sbin/ufw'):
            Log.info(self, "UFW is not installed")
        elif WOFileUtils.grepcheck(self, '/etc/ufw/ufw.conf',
                                   'ENABLED=yes'):
            Log.info(self, "UFW Firewall is enabled")
        else:
            Log.info(self, "UFW Firewall is disabled")

    for service in services:
        if WOService.get_service_status(self, service):
            Log.info(self, "{0:10}: {1}".format(service, "Running"))
def default(self):
    """Delete a site's database, webroot and configuration.

    Reads ``site_name``, ``all``, ``db``, ``files``, ``force`` and
    ``no_prompt`` from ``self.app.pargs``.  With none of db/files/all set,
    ``all`` is assumed.  ``force`` turns on ``no_prompt``, and with
    ``no_prompt`` both confirmation questions are answered 'Y' without
    asking, so the database and webroot are removed unattended.

    The nginx configuration, the site record and the ACME configuration are
    removed at the end: without ``force`` only when both the database and
    the webroot are marked deleted; with ``force`` also when either deletion
    was confirmed.
    """
    pargs = self.app.pargs
    # Ask for the site name only when neither a name nor --all was given.
    if not pargs.site_name and not pargs.all:
        try:
            while not pargs.site_name:
                pargs.site_name = (input('Enter site name : ').strip())
        except IOError as e:
            Log.debug(self, str(e))
            Log.error(self, 'could not input site name')
    # NOTE(review): when pargs.all is set the prompt above is skipped, so
    # site_name may still be empty here; if it can be None this line raises
    # AttributeError - confirm.
    pargs.site_name = pargs.site_name.strip()
    # Everything below works on the validated domain, not on the raw input.
    wo_domain = WODomain.validate(self, pargs.site_name)
    wo_db_name = ''
    wo_prompt = ''
    wo_nginx_prompt = ''
    # *_delete_prompt: the deletion was confirmed (by the user or no_prompt).
    # *_deleted: the resource is gone, or there was nothing to delete.
    mark_db_delete_prompt = False
    mark_webroot_delete_prompt = False
    mark_db_deleted = False
    mark_webroot_deleted = False
    # Gate for every destructive step below.
    # NOTE(review): presumably Log.error aborts here; otherwise the code
    # continues with a site that is not in wo-db - confirm.
    if not check_domain_exists(self, wo_domain):
        Log.error(self, "site {0} does not exist".format(wo_domain))
    # No explicit scope means "delete everything".
    if ((not pargs.db) and (not pargs.files) and (not pargs.all)):
        pargs.all = True
    # --force implies that no confirmation is asked.
    if pargs.force:
        pargs.no_prompt = True
    # Gather information from wo-db for wo_domain
    check_site = getSiteInfo(self, wo_domain)
    wo_site_type = check_site.site_type
    wo_site_webroot = check_site.site_path
    if wo_site_webroot == 'deleted':
        mark_webroot_deleted = True
    if wo_site_type in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
        # Site types that carry a database.
        wo_db_name = check_site.db_name
        wo_db_user = check_site.db_user
        if self.app.config.has_section('mysql'):
            wo_mysql_grant_host = self.app.config.get(
                'mysql', 'grant-host')
        else:
            wo_mysql_grant_host = 'localhost'
        if wo_db_name == 'deleted':
            mark_db_deleted = True
        if pargs.all:
            pargs.db = True
            pargs.files = True
    else:
        # No database for this site type: wo_db_name stays '' and
        # wo_db_user / wo_mysql_grant_host stay unbound; the database
        # branch below never reads them in that case.
        if pargs.all:
            mark_db_deleted = True
            pargs.files = True
    # Delete website database
    if pargs.db:
        if wo_db_name != 'deleted' and wo_db_name != '':
            if not pargs.no_prompt:
                wo_db_prompt = input('Are you sure, you want to delete'
                                     ' database [y/N]: ')
            else:
                # Unattended run: the answer is set without asking.
                wo_db_prompt = 'Y'
                mark_db_delete_prompt = True
            if wo_db_prompt == 'Y' or wo_db_prompt == 'y':
                mark_db_delete_prompt = True
                Log.info(
                    self, "Deleting Database, {0}, user {1}".format(
                        wo_db_name, wo_db_user))
                deleteDB(self, wo_db_name, wo_db_user,
                         wo_mysql_grant_host, False)
                # Overwrite the stored database name and credentials in the
                # site record.
                updateSiteInfo(self, wo_domain, db_name='deleted',
                               db_user='******', db_password='******')
                mark_db_deleted = True
                Log.info(self, "Deleted Database successfully.")
        else:
            mark_db_deleted = True
            Log.info(self, "Does not seems to have database for this site.")
    # Delete webroot
    if pargs.files:
        if wo_site_webroot != 'deleted':
            if not pargs.no_prompt:
                wo_web_prompt = input('Are you sure, you want to delete '
                                      'webroot [y/N]: ')
            else:
                # Unattended run: the answer is set without asking.
                wo_web_prompt = 'Y'
                mark_webroot_delete_prompt = True
            if wo_web_prompt == 'Y' or wo_web_prompt == 'y':
                mark_webroot_delete_prompt = True
                Log.info(self, "Deleting Webroot, {0}".format(wo_site_webroot))
                # NOTE(review): the path comes from the site record; whether
                # deleteWebRoot restricts what it removes is not visible
                # here - confirm.
                deleteWebRoot(self, wo_site_webroot)
                updateSiteInfo(self, wo_domain, webroot='deleted')
                mark_webroot_deleted = True
                Log.info(self, "Deleted webroot successfully")
        else:
            mark_webroot_deleted = True
            Log.info(self, "Webroot seems to be already deleted")
    if not pargs.force:
        # Without --force the site record goes only when both the database
        # and the webroot are gone.
        if (mark_webroot_deleted and mark_db_deleted):
            # TODO Delete nginx conf
            removeNginxConf(self, wo_domain)
            deleteSiteInfo(self, wo_domain)
            WOAcme.removeconf(self, wo_domain)
            Log.info(self, "Deleted site {0}".format(wo_domain))
        # else:
        #     Log.error(self, " site {0} does
        #     not exists".format(wo_domain))
    else:
        # With --force a confirmed deletion of either part is enough.
        if (mark_db_delete_prompt or mark_webroot_delete_prompt or
                (mark_webroot_deleted and mark_db_deleted)):
            # TODO Delete nginx conf
            removeNginxConf(self, wo_domain)
            deleteSiteInfo(self, wo_domain)
            # To improve
            # The ACME configuration is kept when the backend's ssl.conf
            # mentions this domain.
            if not WOFileUtils.grepcheck(
                    self, '/var/www/22222/conf/nginx/ssl.conf', wo_domain):
                WOAcme.removeconf(self, wo_domain)
            Log.info(self, "Deleted site {0}".format(wo_domain))